diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts
index 4a6900b1..8d562670 100644
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@@ -1,14 +1,14 @@
 # Biometric
-/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.xiaomi_sdm660 u:object_r:hal_fingerprint_sdm660_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.1-service\.xiaomi_sdm660   u:object_r:hal_fingerprint_sdm660_exec:s0
 
 # Goodix Fingerprint
-/dev/goodix_fp*                                 u:object_r:fingerprint_device:s0
 /data/misc/gf_data(/.*)?                        u:object_r:fingerprint_data_file:s0
 /data/misc/goodix(/.*)?                         u:object_r:fingerprint_data_file:s0
 /persist/data/gf*                               u:object_r:fingerprint_data_file:s0
 /data/gf_data(/.*)?                             u:object_r:fingerprintd_data_file:s0
 /data/vendor/gf_data(/.*)?                      u:object_r:fingerprint_vendor_data_file:s0
 /data/vendor/goodix(/.*)?                       u:object_r:fingerprint_vendor_data_file:s0
+/dev/goodix_fp                                  u:object_r:fingerprint_device:s0
 
 # FPC Fingerprint
 /data/vendor/fpc(/.*)?                          u:object_r:fingerprint_vendor_data_file:s0
@@ -43,7 +43,7 @@
 /sys/bus/platform/drivers/kcal_ctrl(/.*)?       u:object_r:kcal_dev:s0
 
 # Light HAL
-/(vendor|system/vendor)/bin/hw/android\.hardware\.light@2\.0-service\.xiaomi_sdm660 u:object_r:hal_light_default_exec:s0
+/(vendor|system/vendor)/bin/hw/android\.hardware\.light@2\.0-service\.xiaomi_sdm660                     u:object_r:hal_light_default_exec:s0
 
 # Mlipay
 /(vendor|system/vendor)/bin/mlipayd@1.1         u:object_r:hal_mlipay_default_exec:s0
diff --git a/sepolicy/vendor/genfs_contexts b/sepolicy/vendor/genfs_contexts
index 46592970..73b2f7be 100644
--- a/sepolicy/vendor/genfs_contexts
+++ b/sepolicy/vendor/genfs_contexts
@@ -30,6 +30,6 @@ genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-00/800f000.qcom,spmi:
 genfscon proc /nvt_wake_gesture                                 u:object_r:proc_dt2w:s0
 
 # LED
-genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:qcom,leds@d000/leds/button-backlight u:object_r:sysfs_graphics:s0
-genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:qcom,leds@d000/leds/button-backlight1 u:object_r:sysfs_graphics:s0
-genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:qcom,leds@d000/leds/white u:object_r:sysfs_graphics:s0
+genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:qcom,leds@d000/leds/button-backlight      u:object_r:sysfs_graphics:s0
+genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:qcom,leds@d000/leds/button-backlight1     u:object_r:sysfs_graphics:s0
+genfscon sysfs /devices/soc/800f000.qcom,spmi/spmi-0/spmi0-03/800f000.qcom,spmi:qcom,pm660l@3:qcom,leds@d000/leds/white                 u:object_r:sysfs_graphics:s0
diff --git a/sepolicy/vendor/hal_audio_default.te b/sepolicy/vendor/hal_audio_default.te
index 00a281d3..c5626148 100644
--- a/sepolicy/vendor/hal_audio_default.te
+++ b/sepolicy/vendor/hal_audio_default.te
@@ -3,4 +3,4 @@ get_prop(hal_audio_default, dirac_prop)
 set_prop(hal_audio_default, dirac_prop)
 allow hal_audio_default vendor_data_file:dir { create write add_name };
 allow hal_audio_default vendor_data_file:file { append create getattr open read };
-dontaudit hal_audio_default sysfs:dir read;
+allow hal_audio_default sysfs:dir r_dir_perms;
diff --git a/sepolicy/vendor/hal_fingerprint_sdm660.te b/sepolicy/vendor/hal_fingerprint_sdm660.te
index 15f21507..ab8fad9e 100644
--- a/sepolicy/vendor/hal_fingerprint_sdm660.te
+++ b/sepolicy/vendor/hal_fingerprint_sdm660.te
@@ -1,19 +1,24 @@
-type hal_fingerprint_sdm660, domain, binder_in_vendor_violators;
+type hal_fingerprint_sdm660, domain;
 hal_server_domain(hal_fingerprint_sdm660, hal_fingerprint)
 
 type hal_fingerprint_sdm660_exec, exec_type, vendor_file_type, file_type;
-typeattribute hal_fingerprint_sdm660 data_between_core_and_vendor_violators;
-binder_use(hal_fingerprint_sdm660)
 init_daemon_domain(hal_fingerprint_sdm660)
 
-allow hal_fingerprint_sdm660 fingerprint_device:chr_file { read write open ioctl };
-allow hal_fingerprint_sdm660 { tee_device uhid_device }:chr_file { read write open ioctl };
-allow hal_fingerprint_sdm660 fingerprint_data_file:file rw_file_perms;
+allow hal_fingerprint_sdm660 {
+    fingerprint_device
+    tee_device
+    uhid_device
+}:chr_file rw_file_perms;
+
+# TODO(b/36644492): Remove data_between_core_and_vendor_violators once
+# hal_fingerprint no longer directly accesses fingerprintd_data_file.
+typeattribute hal_fingerprint_sdm660 data_between_core_and_vendor_violators;
+# access to /data/system/users/[0-9]+/fpdata
+
 allow hal_fingerprint_sdm660 fingerprintd_data_file:dir rw_dir_perms;
 allow hal_fingerprint_sdm660 fingerprintd_data_file:file create_file_perms;
-allow hal_fingerprint_sdm660 { fuse mnt_user_file storage_file }:dir search;
-allow hal_fingerprint_sdm660 { mnt_user_file storage_file }:lnk_file read;
-allow hal_fingerprint_sdm660 fingerprint_sysfs:dir r_dir_perms;
+allow hal_fingerprint_sdm660 fingerprint_data_file:file rw_file_perms;
+
 allow hal_fingerprint_sdm660 fingerprint_sysfs:file rw_file_perms;
 
 allow hal_fingerprint_sdm660 hal_perf_hwservice:hwservice_manager find;
@@ -25,22 +30,12 @@ allow hal_fingerprint_sdm660 vendor_fp_prop:file { getattr open read };
 
 allow hal_fingerprint_sdm660 hal_fingerprint_sdm660:netlink_socket { create bind write read };
 
-binder_call(hal_fingerprint_sdm660, vndservicemanager)
+allow hal_fingerprint_sdm660 self:netlink_socket create_socket_perms_no_ioctl;
+
+allow hal_fingerprint_sdm660 hal_perf_hwservice:hwservice_manager find;
 binder_call(hal_fingerprint_sdm660, hal_perf_default)
 
-binder_use(hal_fingerprint_sdm660)
-
 r_dir_file(hal_fingerprint_sdm660, firmware_file)
-
-add_service(hal_fingerprint_sdm660, goodixvnd_service)
-
-allow hal_fingerprint_sdm660 vndbinder_device:chr_file ioctl;
-
 set_prop(hal_fingerprint_sdm660, hal_fingerprint_prop)
 
-vndbinder_use(hal_fingerprint_sdm660)
-
-dontaudit hal_fingerprint_sdm660 { media_rw_data_file sdcardfs}:dir search;
-dontaudit hal_fingerprint_sdm660 media_rw_data_file:dir { read open };
-dontaudit hal_fingerprint_sdm660 hal_perf_hwservice:hwservice_manager find;
-dontaudit hal_fingerprint_sdm660 hal_fingerprint_hwservice:hwservice_manager add;
+dontaudit hal_fingerprint_default storage_file:dir search;
diff --git a/sepolicy/vendor/hal_power_default.te b/sepolicy/vendor/hal_power_default.te
index 0fd48327..f13364fa 100644
--- a/sepolicy/vendor/hal_power_default.te
+++ b/sepolicy/vendor/hal_power_default.te
@@ -3,4 +3,3 @@ allow hal_power_default sysfs_tap_to_wake:file rw_file_perms;
 # Allow writing to files in /proc/tp_gesture
 allow hal_power_default proc:file rw_file_perms;
 allow hal_power_default proc:dir search;
-
diff --git a/sepolicy/vendor/hwservice.te b/sepolicy/vendor/hwservice.te
index 6c299d1b..158b6cc8 100644
--- a/sepolicy/vendor/hwservice.te
+++ b/sepolicy/vendor/hwservice.te
@@ -1,2 +1 @@
-type goodixhw_service, hwservice_manager_type;
 type hal_mlipay_hwservice, hwservice_manager_type;
diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts
index 407dbc71..fccb1bc8 100644
--- a/sepolicy/vendor/property_contexts
+++ b/sepolicy/vendor/property_contexts
@@ -1,12 +1,24 @@
-sys.fp.goodix	u:object_r:hal_fingerprint_prop:s0
-sys.fp.vendor   u:object_r:hal_fingerprint_prop:s0
-persist.sys.fp.info u:object_r:hal_fingerprint_prop:s0
-persist.vendor.sys.fp.vendor u:object_r:hal_fingerprint_prop:s0
-persist.vendor.sys.pay.fido         u:object_r:mlipay_prop:s0
-persist.vendor.sys.pay.ifaa         u:object_r:mlipay_prop:s0
-persist.vendor.sys.pay.soter        u:object_r:mlipay_prop:s0
+# Audio
+audio.sys.noisy.broadcast.delay         u:object_r:vendor_default_prop:s0
+audio.sys.offload.pstimeout.secs        u:object_r:vendor_default_prop:s0
+audio_hal.in_period_size                u:object_r:vendor_default_prop:s0
+audio_hal.period_multiplier             u:object_r:vendor_default_prop:s0
+persist.audio.fluence.voicecomm         u:object_r:vendor_default_prop:s0
+
+# Mlipay
+persist.vendor.sys.pay.         u:object_r:mlipay_prop:s0
 persist.vendor.sys.provision.status u:object_r:mlipay_prop:s0
 
+# Fingerprint
+fpc_kpi                             u:object_r:vendor_default_prop:s0
+gf.debug.dump_data                  u:object_r:hal_fingerprint_prop:s0
+persist.sys.fp.                     u:object_r:hal_fingerprint_prop:s0
+persist.vendor.sys.fp.              u:object_r:hal_fingerprint_prop:s0
+ro.boot.fp.                         u:object_r:hal_fingerprint_prop:s0
+sys.fp.                             u:object_r:hal_fingerprint_prop:s0
+ro.boot.fpsensor                    u:object_r:hal_fingerprint_prop:s0
+persist.sys.fp.info                 u:object_r:hal_fingerprint_prop:s0
+
 # Camera
 camera.                             u:object_r:camera_prop:s0
 cameradaemon.SaveMemAtBoot          u:object_r:camera_prop:s0
@@ -16,23 +28,17 @@ persist.camera.                     u:object_r:camera_prop:s0
 persist.vendor.camera.              u:object_r:vendor_camera_prop:s0
 vendor.camera.eis.gyro_name             u:object_r:vendor_camera_prop:s0
 
-# Fingerprint
-gf.debug.dump_data                  u:object_r:vendor_fp_prop:s0
-persist.sys.fp.                     u:object_r:vendor_fp_prop:s0
-persist.vendor.sys.fp.              u:object_r:vendor_fp_prop:s0
-ro.boot.fp.                         u:object_r:vendor_fp_prop:s0
-sys.fp.                             u:object_r:vendor_fp_prop:s0
-ro.boot.fpsensor                    u:object_r:vendor_fp_prop:s0
 
 # Thermal engine
 persist.sys.thermal.                u:object_r:thermal_engine_prop:s0
 sys.thermal.                        u:object_r:thermal_engine_prop:s0
 
 # vendor_default_prop
-fpc_kpi                             u:object_r:vendor_default_prop:s0
-gpu.stats.debug.level               u:object_r:vendor_default_prop:s0
 vendor.display.lcd_density          u:object_r:vendor_default_prop:s0
 
+# Media
+gpu.stats.debug.level                   u:object_r:vendor_default_prop:s0
+
 # Dirac
 persist.audio.dirac.                u:object_r:dirac_prop:s0
 
diff --git a/sepolicy/vendor/thermal-engine.te b/sepolicy/vendor/thermal-engine.te
index f1f31e51..db8f8eb8 100644
--- a/sepolicy/vendor/thermal-engine.te
+++ b/sepolicy/vendor/thermal-engine.te
@@ -1,5 +1,6 @@
 allow thermal-engine thermal_data_file:dir rw_dir_perms;
 allow thermal-engine thermal_data_file:file create_file_perms;
+allow thermal-engine sysfs:dir r_dir_perms;
 allow thermal-engine self:capability { chown fowner };
 allow thermal-engine property_socket:sock_file write;
 dontaudit thermal-engine self:capability dac_override;
diff --git a/sepolicy/vendor/vendor_init.te b/sepolicy/vendor/vendor_init.te
index 0e2b9f64..7765ffa9 100644
--- a/sepolicy/vendor/vendor_init.te
+++ b/sepolicy/vendor/vendor_init.te
@@ -10,7 +10,6 @@ allow vendor_init {
 
 allow vendor_init unlabeled:{ dir file } { getattr relabelfrom };
 
-set_prop(vendor_init, camera_prop)
 allow vendor_init media_rw_data_file:file { getattr relabelfrom };
 
 allow vendor_init rootfs:dir { add_name create setattr write };
diff --git a/sepolicy/vendor/vndservice.te b/sepolicy/vendor/vndservice.te
deleted file mode 100644
index ebc594c3..00000000
--- a/sepolicy/vendor/vndservice.te
+++ /dev/null
@@ -1 +0,0 @@
-type goodixvnd_service, vndservice_manager_type;
diff --git a/sepolicy/vendor/vndservice_contexts b/sepolicy/vendor/vndservice_contexts
deleted file mode 100644
index 92d3f217..00000000
--- a/sepolicy/vendor/vndservice_contexts
+++ /dev/null
@@ -1 +0,0 @@
-android.hardware.fingerprint.IGoodixFingerprintDaemon  u:object_r:goodixvnd_service:s0